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DETAILED ACTION 

1. Applicant's amendment filed on Oct. 02, 2007 has been entered. Claims 1-6, 8- 
15, 17-23 and 25 are pending. Claims 7, 16, 24 are canceled and claims 1-3, 6, 8, 10- 
13, 15, 17-23 and 25 are amended by the applicant. Applicant's amendment to the 
specification submitted on 9/17/07 has been entered. 

» 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-6, 8, 10-15, 17-23 and 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Smith et al (US Patent No. 7,136,873) in view of Schneier et al (US 
Patent No. 5,978475) in view of Chang et al (US Patent No. 6,584,459) and in view of 
Numao et al (US Patent NO. 6,647,388). 

As per claim 1 , Smith teaches: 

storing a plurality of electronic records in a common repository of electronic records in 
the database [Fig. 1, 34 component 16], creating a security protocol that protects the 
electronic records against unauthorized access [Fig. 34, component 1604]; creating a 
query designed to identify electronic records in the database that meet criteria 
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designated in the query [Fig. 34, 27, col. 41 lines 1-11]; prior to executing the query, 
modifying the query in accordance with the security protocol (i.e. access policy) to 
create a modified query [Fig. 34, col. 42 lines 1-5]; and running the modified query 
against the data [Fig. 34, col. 40 lines 57-61]. 

Smith teaches storing plurality of electronic records as shown in Fig. 34. Smith does not 
expressively mention that provides an audit trail that cannot be altered or disabled by 
users of the system. 

Schneier teaches storing a plurality of electronic records in a common repository of 
electronic records in the database that provides an audit trail that cannot be altered or 
disabled by users associated with the database [Fig. 3, col. 6 lines 41-64, col. 12 lines 
47-50]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Schneier with Smith, since one would have been 
motivated to generate a secure audit log [Schneier, col. 3 line 8]. 

Chang teaches each electronic record comprises unstructured data stored in a 
character large-object (CLOB) format in a column of a table of the database [Fig. 1, 3, 
col. 11 lines 61-67, col. 12 lines 1-19]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Chang with Smith and Schneier, since one would 
have been motivated to provide efficient database management system [Chang, col. 3 
lines 31-33]. 
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Numao teaches: generating one or more security rules in response to input identifying 
one or more elements in the unstructured data (e.g. parameter which identifies subject, 
object... etc.) as elements of the one or more security rules [Fig. 5, 6, 1, 2, col. 10 lines 
66-67, col. 11 lines 1-42], wherein the security policy (protocol) protects the 
unauthorized access based on the one or more security rules [Fig. 1, 2]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Numao with Smith, Schneier and Chang, since one 
would have been motivated to provide a conditional response that is dependent on the 
establishment of a specific state [Numao, col. 2 lines 1-2, 15-21]. 

As per claim 2 , the rejection of claim 1 is incorporated and Numao teaches 
allowing a user to identify the one or more element in the unstructured data as indexed 
elements [Fig. 5, col. 10 lines 66-67, col. 11 lines 1-16]; and allowing a user to generate 
the one or more security rules based on the indexed elements [Fig. 5, col. 11 lines 20- 
24, Fig. 6]. 

As per claim 3 and 4 , the rejection of claim 1 is incorporated and Smith teaches 

access to electronic records in the common repository is automatically granted/denied 
unless the security protocol restricts/grants such access [Fig. 34, col. 42 lines 59-62]. 

Numao teaches: 
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access to electronic records in the common repository is automatically granted/denied 
unless the security protocol restricts/grants such access and wherein the security 
protocol comprises a plurality of security rules that restricts access to the electronic 
records within the database [Figs. 1, 2, 4, 5]. 

As per claim 5 , the rejection of claim 1 is incorporated and Smith teaches: 

the plurality of electronic records are generated from multiple data sources [Fig. 5]. 

As per claim 6 , the rejection of claim 5 is incorporated and Smith teaches a predefined 
mapping of the fields to multiple data sources [Fig. 5, col. 4 lines 53-55]. 

Chang teaches the fields of the electronic records are filled with XML data based on a 
predefined mapping to multiple data sources [col. 2 lines 18-28, Fig. 4]. 

As per claim 8 , the rejection of claim 1 is incorporated and Chang teaches the 
unstructured data comprises well-formed XML documents stored within the column of 
the table stored in the database [col. 13 lines 29-49]. 



As per claim 10 , it encompasses limitations that are similar to limitations of claim 1. 
Thus, it is rejected with the same rationale applied against claim 1 above. 
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As per claim 11 , the rejection of claim 10 is incorporated and it encompasses limitations 
that are similar to limitations of claim 2. Thus, it is rejected with the same rationale 
applied against claim 2 above. 

As per claim 12 and 13 , the rejection of claim 10 is incorporated and they encompass 
limitations that are similar to limitations of claims 3 and 4. Thus, it is rejected with the 
same rationale applied against claims 3 and 4 above. 

As per claim 14 , the rejection of claim 10 is incorporated and it encompasses limitations 
that are similar to limitations of claim 5. Thus, it is rejected with the same rationale 
applied against claim 5 above. 

As per claim 15 , the rejection of claim 14 is incorporated and it encompasses limitations 
that are similar to limitations of claim 6. Thus, it is rejected with the same rationale 
applied against claim 6 above. 

As per claim 17 , the rejection of claim 16 is incorporated and it encompasses limitations 
that are similar to limitations of claim 8. Thus, it is rejected with the same rationale 
applied against claim 8 above. 



As per claim 18 , it encompasses limitations that are similar to limitations of claim 1. 
Thus, it is rejected with the same rationale applied against claim 1 above. 
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As per claim 19 , the rejection of claim 18 is incorporated and it encompasses limitations 
that are similar to limitations of claim 2. Thus, it is rejected with the same rationale 
applied against claim 2 above. 

As per claim 20 and 21 , the rejection of claim 19 is incorporated and they encompass 
limitations that are similar to limitations of claims 3 and 4. Thus, it is rejected with the 
same rationale applied against claims 3 and 4 above. 

As per claim 22 , the rejection of claim 18 is incorporated and it encompasses limitations 
that are similar to limitations of claim 5. Thus, it is rejected with the same rationale 
applied against claim 5 above. 

As per claim 23 , the rejection of claim 18 is incorporated and it encompasses limitations 
that are similar to limitations of claim 6. Thus, it is rejected with the same rationale 
applied against claim 6 above. 



As per claim 25 , the rejection of claim 18 is incorporated and it encompasses limitations 
that are similar to limitations of claim 8. Thus, it is rejected with the same rationale 
applied against claim 8 above. ! 
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3. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Smith et 
al (US Patent No. 7,136,873) in view of Schneier et al (US Patent No. 5,978475) in view 
of Chang et al (US Patent No. 6,584,459) and in view of Numao et al (US Patent NO. 
6,647,388) and in view of Kahn (US Patent No. 7,185,192). 

As per claim 9 , the rejection of claim 1 is incorporated and Kahn teaches: 

allowing a user to enable and disable the security protocol [col. 4 lines 43-67, col. 5 
lines 1-37, 44-49]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Kahn with Smith, Schneier, Chang and Numao, 
since one would have been motivated to provide robust access control mechanisms 
using a flexible authorization system [Kahn, col. 4 lines 20-22]. 

Response to Amendment 

4. Applicant has amended claims 1-2, 6, 10, 11, 15, 18, 19, 23, which necessitated 
new ground of rejection. See rejection above. 
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Conclusion 

5. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Nirav Patel whose telephone number is 571- 

272- 5936. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 571- 

273- 8300. Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 571-272- 



